﻿      <?php

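// Login handler and login box.
//
//   ?act=do : checks the posted username/password against the `members` table
//             and, on success, records the member in $_SESSION.
//   always  : prints the login form for anonymous visitors, or a greeting with
//             navigation links for a signed-in member.
//
// NOTE(review): this script never calls session_start(); presumably the
// including page or session.auto_start does. Confirm, otherwise $_SESSION
// will not persist between requests.
if ( isset( $_GET['act'] ) && $_GET['act'] === "do" )
{
    // A missing or non-string (array) field is treated as empty input.
    $raw_username = ( isset( $_POST['username'] ) && is_string( $_POST['username'] ) ) ? $_POST['username'] : '';
    $raw_password = ( isset( $_POST['password'] ) && is_string( $_POST['password'] ) ) ? $_POST['password'] : '';

    // Escape with the connection-aware function. addslashes() ignores the
    // connection character set and is not a reliable SQL-injection defence.
    // The "@" keeps driver warnings off the page; failures are handled by the
    // explicit checks below.
    $username = @mysql_real_escape_string( $raw_username );

    // The password never reaches SQL. addslashes() is kept only so that the
    // digest still matches hashes that were stored this way.
    // NOTE(review): unsalted MD5 is not suitable for password storage; plan a
    // migration to password_hash()/password_verify() with a rehash at login.
    $password = md5( addslashes( $raw_password ) );

    // Fetch the member row for the submitted username.
    // NOTE(review): `admin` is selected because it is read below; the column
    // list previously omitted it, so $member['admin'] was never set. Confirm
    // the column name against the schema.
    $sql_query = @mysql_query( "SELECT id, username, password, admin FROM members WHERE username='{$username}'" );

    $member = ( $sql_query !== false ) ? @mysql_fetch_array( $sql_query ) : false;

    // Unknown username, or the query failed.
    // NOTE(review): this message differs from the wrong-password one, which
    // lets a client tell valid usernames from invalid ones; consider a single
    // generic message for both cases.
    if ( !is_array( $member ) )
    {
        print "Tên truy nhập không tồn tại. <a href='javascript:history.go(-1)'>Nhấp vào đây để quay trở lại</a>";

        exit;
    }

    // Strict comparison: with "!=" two different digests that both look like
    // numbers (for example "0e..." strings) compare as equal.
    if ( $password !== (string) $member['password'] )
    {
        print "Nhập sai mật khẩu. <a href='javascript:history.go(-1)'>Nhấp vào đây để quay trở lại</a>";

        exit;
    }

    // Issue a fresh session id at the privilege change so that an id known
    // before login is not carried into the authenticated session. This needs
    // an active session and unsent headers; any bytes emitted earlier
    // (including anything ahead of the opening PHP tag) prevent it unless
    // output is buffered.
    if ( session_id() !== '' && !headers_sent() )
    {
        session_regenerate_id( true );
    }

    // Record the signed-in member.
    $_SESSION['user_id'] = $member['id'];

    $_SESSION['user_admin'] = $member['admin'];

    // Report success and send the browser back to the site root.
    print "đăng nhập thành công";

    echo '<meta http-equiv="refresh" content="0;url=/">';
}

// Anonymous visitor: show the login form. empty() also covers the case where
// the session key was never set.
if ( empty( $_SESSION['user_id'] ) )
{
    echo('

    

  <table align="center" border="0" cellpadding="1" cellspacing="1" style="width: 243px; height: 109px;">
			<tbody>
				<tr>
					<td><form action="login.php?act=do" method="post">
						<table border="0" cellpadding="1" cellspacing="1" style="width: 241px; height: 57px;">
							<tbody>
								<tr>
									<td>
										T&ecirc;n Đăng Nhập:</td>
									<td>
										<input maxlength="30" name="username" size="14" type="text" /></td>
								</tr>
								<tr>
									<td>
										Mật Khẩu:</td>
									<td>
										<input name="password" size="15" type="password" /></td>
								</tr>
							</tbody>
						</table>
						<div style="text-align: center;">
							<input name="login" type="submit" value="Đăng nhập" /></div>
					</td>
				</tr>
			</tbody>
		</form></table>
 
<a href="/register.php">Đăng kí!</a>
   ');
}
else
{
    echo '<strong><span style="color: rgb(255, 0, 0);">Chào bạn ';

    // $member exists only on the request that performed the login; on later
    // requests nothing is printed here.
    // NOTE(review): `name` is not in the SELECT list above, so it stays empty
    // unless the query is extended.
    $display_name = '';

    if ( isset( $member['username'] ) )
    {
        $display_name .= $member['username'];
    }

    if ( isset( $member['name'] ) )
    {
        $display_name .= $member['name'];
    }

    // Member-controlled text is HTML-escaped before it is written to the page.
    echo htmlspecialchars( $display_name, ENT_QUOTES, 'UTF-8' );

    echo '</span></strong>';

    echo "  |  <a href='suathongtin.php'>Sửa thông tin</a> | ";

    // Read the flag stored at login and hide the link when it is unset. The
    // previous test on $member['admin'] was true for an unset value, so the
    // link was shown to every signed-in member. This only controls whether
    // the link is visible; admin.php must enforce its own access check.
    if ( isset( $_SESSION['user_admin'] ) && (string) $_SESSION['user_admin'] !== "0" )
    {
        echo "<a href='admin.php'>Trang quản trị.</a>";
    }

    echo "&nbsp;|&nbsp;<a href='thoat.php'>Thoát ra</a>";
}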

  ?>

